Digital Forensics Analysis of IoT Nodes using Machine Learning

Authors:

M Zeeshan Arshad, Hameedur Rahman, Junaid Tariq, Adnan Riaz, Azhar Imran, Amanullah Yasin, Imran Ihsan

Abstract

With the versatility and exponential growth of IoT solutions, the probability of being attacked has increased. Resource-constrained IoT devices make it difficult for security analysts to track the logs of the wide variety of attacks launched against them while performing forensic analysis. Forensic analysis is commonly performed on the device itself to determine how much damage the diverse attacks have caused. The main objective of this paper is to develop a framework through which security analysts can perform forensic analysis on resource-constrained IoT devices. In this paper, we propose a framework that intelligently performs forensic analysis and detects the different types of attacks performed on the endpoint (IoT device) using a node-to-node (N2N) framework. Furthermore, the proposed solution blends different forensic tools and machine learning techniques to identify the different types of attacks. Using a third-party log server, the problem of recovering evidence from an endpoint under attack is addressed. To determine the nature and effect of an attack, we use the logs collected by Security Onion (the forensic server). Additionally, the framework automatically detects attacks using different machine learning algorithms. The performance of the machine learning models is measured by (1) accuracy, (2) precision, (3) recall, and (4) F-measure. The results show that the decision tree algorithm stands out with the best performance compared to the other ML models. Overall, this framework can be used for the security of IoT devices as well as for evidence collection from the IoT endpoint. For validation of the proposed framework, more detailed results and performance analysis are presented in the paper.
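The four measures the abstract names are computed from the confusion matrix of true versus predicted attack classes. The following is an added example, not code from the paper: it computes accuracy, per-class precision, recall and F-measure, and their macro averages over a constructed set of attack labels (the class names, the sample labels and the macro-averaging scheme are assumptions for illustration, standing in for whatever classes and model the paper used). It also handles the edge case that matters on imbalanced IoT log data: a class that is never predicted gets precision 0 rather than a division-by-zero error.

```python
"""Evaluation metrics for an IoT attack classifier (added example, not the paper's code)."""
from collections import Counter

# Constructed sample data: ground-truth attack class per log window, and the
# class a hypothetical decision-tree model predicted for it.
TRUE_LABELS = ["normal", "normal", "dos", "dos", "dos", "scan", "scan",
               "brute_force", "brute_force", "normal", "scan", "dos"]
PRED_LABELS = ["normal", "dos", "dos", "dos", "scan", "scan", "scan",
               "brute_force", "normal", "normal", "scan", "dos"]


def confusion_matrix(y_true, y_pred):
    """Return {(true_class, predicted_class): count} over all label pairs."""
    if len(y_true) != len(y_pred):
        raise ValueError("label lists must have equal length")
    return Counter(zip(y_true, y_pred))


def accuracy(y_true, y_pred):
    """Fraction of windows whose predicted class equals the true class."""
    cm = confusion_matrix(y_true, y_pred)
    correct = sum(n for (t, p), n in cm.items() if t == p)
    return correct / len(y_true)


def per_class_metrics(y_true, y_pred):
    """Precision, recall and F-measure for every class seen in either list.

    Precision = TP / (TP + FP); recall = TP / (TP + FN);
    F-measure = harmonic mean of the two. A class that is never predicted
    has precision 0, and a class with no true samples has recall 0, instead
    of raising ZeroDivisionError (common with rare attack classes).
    """
    cm = confusion_matrix(y_true, y_pred)
    classes = sorted(set(y_true) | set(y_pred))
    metrics = {}
    for c in classes:
        tp = cm[(c, c)]
        fp = sum(n for (t, p), n in cm.items() if p == c and t != c)
        fn = sum(n for (t, p), n in cm.items() if t == c and p != c)
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f_measure = (2 * precision * recall / (precision + recall)
                     if precision + recall else 0.0)
        metrics[c] = {"tp": tp, "fp": fp, "fn": fn, "precision": precision,
                      "recall": recall, "f_measure": f_measure}
    return metrics


def macro_average(y_true, y_pred):
    """Unweighted mean of the per-class scores, so rare attacks count equally."""
    per_class = per_class_metrics(y_true, y_pred)
    k = len(per_class)
    return {key: sum(v[key] for v in per_class.values()) / k
            for key in ("precision", "recall", "f_measure")}


if __name__ == "__main__":
    print(f"accuracy: {accuracy(TRUE_LABELS, PRED_LABELS):.3f}")
    for cls, m in per_class_metrics(TRUE_LABELS, PRED_LABELS).items():
        print(f"{cls:12s} P={m['precision']:.3f} R={m['recall']:.3f} "
              f"F={m['f_measure']:.3f}")
    print("macro:", {k: round(v, 3) for k, v in
                     macro_average(TRUE_LABELS, PRED_LABELS).items()})
```

Accuracy alone is a poor guide when most log windows are benign: a model that labels everything "normal" scores high accuracy yet has zero recall on every attack class, which is why the per-class and macro-averaged precision, recall and F-measure should be reported alongside it.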

Publisher

Research Center of Computing and Biomedical Informatics

Cited by 3 articles.
